Data

Tools

Indexes

Applications

Experiments

Awesome

An open API service indexing awesome lists of open source software.

https://github.com/ahmetak4n/radar

Scanner for misconfigured DevSecOps or Security tools on internet like SonarQube, GoPhish etc.
https://github.com/ahmetak4n/radar

gophish radar shodan sonarqube

Last synced: 6 months ago
JSON representation

Scanner for misconfigured DevSecOps or Security tools on internet like SonarQube, GoPhish etc.

Awesome Lists containing this project

README 

        
[![build](https://github.com/ahmetak4n/radar/actions/workflows/build.yml/badge.svg)](https://github.com/ahmetak4n/radar/actions/workflows/build.yml)

[![Quality Gate Status](https://sonarcloud.io/api/project_badges/measure?project=ahmetak4n_radar&metric=alert_status)](https://sonarcloud.io/dashboard?id=ahmetak4n_radar)

[![Bugs](https://sonarcloud.io/api/project_badges/measure?project=ahmetak4n_radar&metric=bugs)](https://sonarcloud.io/summary/new_code?id=ahmetak4n_radar)

[![OpenSSF

Scorecard](https://api.securityscorecards.dev/projects/github.com/ahmetak4n/radar/badge)](https://api.securityscorecards.dev/projects/github.com/ahmetak4n/radar)



# radar

A lot of tool using in DevSecOps pipelines. But DevSecOps process does not include secure configuration of these tools. That's why too many misconfigured DevSecOps tools exist on internet. Also so many security tools used for Phishing or Scanning are available on internet with old versions or misconfigured way or default credentials.



The Radar find DevSecOps or Security tools via Shodan and check their configuration.



Scanned Tools:

- SonarQube

  - Check default credential

  - Show public projects and details

  - Download source codes from selected project

- GoPhish

  - Check default credential



# build

```bash

git clone https://github.com/ahmetak4n/radar.git

cd radar

go buid radar.go

```



# usage

Help




`./radar -h`



Scan misconfigured SonarQube services




`./radar sonarqube -aK $SHODAN_API_KEY` 



Scan Gophish services that work run with default credentials




`./radar gophish -aK $SHODAN_API_KEY` 



# screenshots

Find sonarqube services

![sonar_how_to](https://github.com/ahmetak4n/radar/blob/master/sonarqube_how_to.png)



Download source code from detected sonarqube services

![sonar_how_to](https://github.com/ahmetak4n/radar/blob/master/sonarqube_scd_how_to.png)



Find gophish services

![gophish_how_to](https://github.com/ahmetak4n/radar/blob/master/gophish_how_to.png)



# disclaimer

Radar is developed for InfoSec persons. It should be used for authorized testing and/or educational purposes only.

**I take no responsibility for the abuse of Radar**